Proposal for nacl.sign API change (next version) #36
Comments
dchest
changed the title
dchest
changed the title
|
According to semver spec point 4:
So it will probably be v0.10.0 instead of v1.0.0, yay. |
|
Can we improve Current implementation is a bit confusing to me. May be we can have something like |
|
@devi yes, it just extracts the public key, not generates it. I didn't name it "extract" because while in sign case we only copy it from the secret key, in nacl.box.keyPair.fromSecretKey we actually calculate it from the secret key using scalar multiplication. Probably needs a better documentation rather than API change, but I'm open to new names. |
|
As for On one hand, there's currently no way to do what this function does without copying half of the library, on the other hand, it complicates code (and makes diff from tweenacl.c not so pretty) for an uncommon use case (which can also be dangerous if you're not careful with producing proper seeds, e.g. from passwords with weak derivation function). |
|
It won't be necessary to change names. |
|
Internet connection is killing me. Didn't saw your comment regarding |
Previously, nacl.sign returned a signature, and nacl.sign.open accepted a message and "detached" signature. This was unlike NaCl's API, which dealt with signed messages (concatenation of signature and message). The new API is: nacl.sign(message, secretKey) -> signedMessage nacl.sign.open(signedMessage, publicKey) -> message | null (Compatibility: the latter will throw exception if it doesn't receive 2 arguments, so that it will deliberately break code that uses old API, but the former function won't be able to detect this, and users who didn't upgrade their code will receive a signed message instead of just a signature.) Since detached signatures are common, two new API functions are introduced: nacl.sign.detached(message, secretKey) -> signature nacl.sign.detached.verify(message, signature, publicKey) -> true | false Due to change of API, we increment minor version: from 0.9.2 to 0.10.0 according to semver spec point 4 (for 0.x.y versions). This change was discussed in issue #36.
|
PR #40 will be used for further discussions (if any), so closing this now. |
Previously, nacl.sign returned a signature, and nacl.sign.open accepted a message and "detached" signature. This was unlike NaCl's API, which dealt with signed messages (concatenation of signature and message). The new API is: nacl.sign(message, secretKey) -> signedMessage nacl.sign.open(signedMessage, publicKey) -> message | null (Compatibility: the latter will throw exception if it doesn't receive 2 arguments, so that it will deliberately break code that uses old API, but the former function won't be able to detect this, and users who didn't upgrade their code will receive a signed message instead of just a signature.) Since detached signatures are common, two new API functions are introduced: nacl.sign.detached(message, secretKey) -> signature nacl.sign.detached.verify(message, signature, publicKey) -> true | false Due to change of API, we increment minor version: from 0.9.2 to 0.10.0 according to semver spec point 4 (for 0.x.y versions). This change was discussed in issue #36.
Previously, nacl.sign returned a signature, and nacl.sign.open accepted a message and "detached" signature. This was unlike NaCl's API, which dealt with signed messages (concatenation of signature and message). The new API is: nacl.sign(message, secretKey) -> signedMessage nacl.sign.open(signedMessage, publicKey) -> message | null (Compatibility: the latter will throw exception if it doesn't receive 2 arguments, so that it will deliberately break code that uses old API, but the former function won't be able to detect this, and users who didn't upgrade their code will receive a signed message instead of just a signature.) Since detached signatures are common, two new API functions are introduced: nacl.sign.detached(message, secretKey) -> signature nacl.sign.detached.verify(message, signature, publicKey) -> true | false Due to change of API, we increment minor version: from 0.9.2 to 0.10.0 according to semver spec point 4 (for 0.x.y versions). This change was discussed in issue #36.
|
Merged. |
I'd like to change the signature API sometime in the future to this:
(Maybe instead of
null, returnfalsewhen verification fails?nullmakes more sense to me in this case)Basically, this is how signatures in NaCl/TweetNaCl work.
But since everyone likes to have signatures separate from messages ("detached signatures"), we will add the following new methods to get the behavior similar, but not identical, to what we currently have:
Note that it's
verifyand notopen, because it returns onlytrueorfalse, not the "unsigned" message orfalselikenacl.sign.open.This is inspired by libsodium.
Compatibility
This would require major version bump (to 1.0.0, argh) according to semver principles.
To deliberately break apps which upgraded to 1.0.0 without changing code, we can throw exception if
nacl.sign.openis called with 3 arguments. We can do nothing withnacl.sign, though: instead of just signature it will return signed message. This isn't dangerous. I don't think there's enough users right now anyway to cause headaches :)Comments?
The text was updated successfully, but these errors were encountered: